Social media websites are fuelling the fire of the UK’s fraud crisis by failing to clamp down on scammers selling people’s personal details through their platforms, a new Which? Money investigation reveals.
The consumer champion discovered 50 scam profiles, pages and groups across Facebook, Twitter and Instagram with clear evidence of blatant criminal activity.
This included advertising stolen identities, credit card details, compromised Netflix and Uber Eats accounts and even fake passports made to order. All were found easily by searching simple, barely disguised slang terms for fraud.
With fraud cases rising by a fifth in the last year and losses to coronavirus-related scams already reaching £2 million, Which? is concerned that the results of its investigation – carried out before the outbreak took hold in the UK – highlight how lax measures to prevent the trade of personal and financial information on these platforms could be exploited by criminals looking to take advantage of the crisis.
For instance, the investigation uncovered an alarming post on one illicit Facebook group, detailing the full identity of a man in Yorkshire. His full name, date of birth, address and mobile number were all listed alongside complete financial information including his credit card number, CVV number and expiry date, sort code and the name of his bank.
The post had already been up for four months when it was spotted by Which?, and the details were even being given away for free, potentially as a tactic designed to prove the seller’s credentials for future deals.
Using the open electoral roll, a researcher was able to establish that the victim had lived at the address listed in the Facebook post at least as recently as 2018, along with individuals whose names and ages implied they were his wife and adult children – demonstrating how easy it would be for a scammer to exploit the details available in the Facebook post.
Meanwhile, one fraudster on Twitter offered full credit card details of someone with a ‘£13k+ balance’ for £100, or three sets of card details for £200. Another offered a phoney passport for £3,000, which could have potentially been used as proof of ID to open bank accounts and credit cards.
Twitter’s algorithm also made it all too easy to find criminal ID sellers. After searching for and viewing such accounts, the site suggested following ones offering similar services through its “who to follow” section.
In addition, Which? found Instagram users sharing price lists detailing how much it would cost to acquire full identities, as well as ‘fraud bibles’. These comprehensive how-to guides for novice hackers and scammers explain how to create fake identities and use stolen card details.
All 50 of the groups, pages and profiles were reported to their respective social media platforms via their in-site reporting tools.
Shockingly, Facebook initially refused to remove the post containing the clearly stolen details of the Yorkshire man, on the basis that it ‘doesn’t go against one of our specific community standards’.
When Which? requested a review of the decision through the reporting tool, the post was removed, but the hacker group it was posted on remained up.
While Facebook also removed a few other isolated posts that Which? reported, when a researcher checked six days later, it had allowed every page and group to remain. Instagram and Twitter had not removed any content at all.
It was only when the content was presented to the platforms’ media representatives that it was ultimately all taken down.
Which? believes it is unacceptable for social media platforms to take such a lackadaisical attitude to the fraudulent activity taking place on their sites.
With proposed regulation of illegal and harmful content on social media platforms – such as the criminal activity exposed in this investigation – a long way from being introduced, the consumer champion is calling for the sites to take much more responsibility and be proactive in removing such content and blocking criminals.
Jenny Ross, Which? Money Editor, said:
“It’s astonishing that social media sites make it so easy for criminals to trade people’s personal and financial information, particularly as fraud is such a prevalent crime that can have devastating consequences.
“Social media firms must take much stronger action to prevent their sites becoming a safe haven for scammers, and should work with the financial industry and police to address serious flaws with their platforms.”
- Facebook, which also owns Instagram, said: “Fraudulent activity is not tolerated on our platforms, and we have removed the groups and profiles flagged to us by Which? Money for violating our policies. We continue to invest in people and technology to identify and remove fraudulent content, and we urge people to report any suspicious content to us so we can take action.”
- Twitter said: “It is against our rules to use scam tactics on Twitter to obtain money or private financial information. Where we identify violations of our rules, we take robust enforcement action. We’re constantly adapting to bad actors’ evolving methods, and will continue to iterate and improve upon our policies as the industry evolves.”
- Video: Identity fraud on Facebook, Twitter & Instagram & how to protect yourself (made public 00:01 Thursday 30 April): https://www.youtube.